The new blocking feature stops users when inappropriate activity occurs. Blocking is automatically triggered when database activity, the communication between users or applications and the database, violates a customer’s security policy. The feature will be added to the Audit and Threat Management module of DbProtect, the database activity monitoring (DAM) component of the Database SRC platform, and is available for all supported database platforms.
“Today’s cyber threats pose significant risk to the confidentiality of digital information within companies, and blocking adds an additional layer of defense to thwart unauthorized activity,” said Josh Shaul, Chief Technology Officer, AppSec. “DbProtect excels at helping companies prevent attacks, regardless of where they initiate and what paths they take. AppSec already offers proactive measures that short-circuit attacks in their early stages, and now we’re bolstering those capabilities with an active defense. Blocking is a last line of defense against intruders that have managed to slip through other security measures.”
The new blocking feature is an automated incident response that comes equipped with an out-of-the-box set of actions to effectively quarantine accounts that behave inappropriately while immediately alerting appropriate personnel of the violation. DbProtect 6.3 will update its management console to allow users to specify which blocking actions are appropriate under what conditions.
Blocking is powered by AppSec’s leading SHATTER Knowledgebase – the largest and most expansive library of database vulnerability and threats – which is updated with the greatest frequency to provide current protection from continuously changing cyber threats.
Primary use cases for blocking capabilities include:
Privileged user segregation of duties (SoD) enforcement—By enforcing SoD rules on database administrators (DBAs) and other privileged users, personnel responsible for administering the performance of the database system is blocked from accessing the information stored in the database that is not relevant to their responsibilities. Organizations can now readily satisfy information security concerns that have become common audit findings.
Virtual patching—It is expensive and difficult to patch databases. In many cases, it’s simply impossible to patch a critical database within a reasonable timeframe. Blocking augments DbProtect’s ASAP Update program – the security update service that keeps its knowledgebase current, to help organizations apply patch protection when a patch hasn’t actually been applied. Virtual patching saves DBAs significant time while dramatically reducing risk.
Data leakage prevention—Organizations are left exposed by not monitoring database activity, or not being able to react quickly enough to the database audit logs they may be collecting. Ironically, most Data Leakage Prevention technologies focus on end-point protection, and are largely ineffective at protecting the database. Blocking unauthorized queries that attempt to extract large amounts of sensitive data ensures that data does not leave the database.
Attack prevention—Exploits of known vulnerabilities or database misconfigurations could easily be mistaken for normal activity by security generalists that lack database experience. Detecting suspicious activity and locking out the user accounts exploited by attackers can halt a database attack before the attacker can get to the data and do real damage.
In addition, DbProtect 6.3 will include rights management capabilities for DB2 and Sybase databases. Adding to the existing Rights Management support for Oracle and Microsoft SQL Server, DbProtect proactively uncovers the privileged users in the database that are typically hidden by the complex access controls deployed on a system. Rights Management provides a detailed view of an organization’s data ownership, access controls and rights to sensitive data. It helps organizations answer segregation of duty questions at the database level.
The key benefits of the DbProtect Rights Management module include:
Proactive rights review capabilities for a heterogeneous database environment that includes Oracle Database, Microsoft SQL Server, Sybase ASE and IBM DB2 LUW.
Ability to identify all privileged users and inappropriate access that can lead to fraudulent changes or data breach.
Enables IT security, DBAs and business managers to assess database entitlements
Saves time and resources by automating the entitlements mining process for all databases across the network
Meets restricted access compliance requirements by implementing the principle of least privilege.
DbProtect 6.3 is scheduled for release in Q3 2011 and the aforementioned enhancements will be included as a free of charge upgrade for current customers. Please contact AppSec Sales for further information.
About Application Security, Inc.
AppSec is a pioneer and leading provider of database security, risk and compliance (SRC) solutions for the enterprise. By providing strategic and scalable software-only solutions – AppDetectivePro for auditors and IT advisors, and DbProtect for the enterprise – AppSec supports the database SRC lifecycle for some of the most complex and demanding environments in the world across more than 2,000 commercial and government customers.
Leveraging the world’s most comprehensive database security knowledgebase from the company’s renowned team of threat researchers, TeamSHATTER, AppSec products help customers achieve unprecedented levels of data security from nefarious or accidental activities, while reducing overall risk and helping to ensure continuous regulatory and industry compliance.